Back to skill
Skillv1.0.0
VirusTotal security
图片视频生成 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 24, 2026, 9:36 AM
- Hash
- 5b858119d168aac360871791fcf23adb0110a53868494d6e2979731f9097b733
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tupian-shipin-shengcheng Version: 1.0.0 The skill bundle exhibits high-risk behavior by performing extensive environment discovery and interacting directly with the host application's internal state. Specifically, `scripts/schedule_task_watch.py` and `scripts/cron_watch_task.py` search for local OpenClaw/EasyClaw installations, execute CLI commands via `subprocess.run`, and manually modify session transcript files to inject background notifications. Furthermore, the skill handles credentials insecurely by passing API tokens as command-line arguments to cron jobs, exposing them to system process monitoring. While these actions facilitate asynchronous video/image generation via the `easyclaw.bar` platform, the intrusive methods used—such as reading the global `openclaw.json` configuration and session stores—exceed the typical boundaries of a benign skill.
- External report
- View on VirusTotal